Firewall advice

Hi guys, what should I install?

I found those in the library:

- Control Network Traffic with iptables

- Using Fail2ban to Block Network Probes

Should I install both?

Any more tips will be welcome.

Thank you.

11 Replies

If you're on Ubuntu, you can try ufw.

https://help.ubuntu.com/10.10/serverguide/C/firewall.html

http://bodhizazen.net/Tutorials/iptables/

iptables is already installed, fail2ban just scans logs and temporarily blocks offending IPs (it's useful to prevent log flooding).

You should use iptables and it's not a bad idea to use fail2ban.

I've always used CSF/LFD (from experience with another VPS provider), though I see fail2ban is often cited here.

CSF/LFD combine firewall management and a HIDS in the same package, which is quite useful; it's not particularly resource heavy either.

It's pretty much the de facto standard for cPanel servers, however it does have GUIs for DirectAdmin and Webmin as well as a CLI option.

Can I install CSF/LFD without a cPanel or something similar?

If so, do I access it through a browser?

Yes, you can install it via the command line and as obs indicated you can administer it via a cPanel plugin or command line or Webmin or DirectAdmin. I've used cPanel, CLI, and Webmin to administer it on various systems.

It is always the first thing I set up on any new hardware.

Thanks haus.

I installed CSF, but in the installation instructions it says to edit /etc/init.d/syslog and to make sure that any klogd lines are not commented out. But there is no syslog file in there. Do I have to install it?

Thanks

EDIT:

Check that - broken again.

I give up. Here is the suggested fix, but when I do this I am unable to log into my linode.

---

I found this:

http://vladgh.com/blog/ubuntu-1004-and-rsyslog-kernel-messages

and this:

http://forum.linode.com/viewtopic.php?t=5533&postdays=0&postorder=asc&highlight=rsyslog+kernel+logging&start=15


When I do this "fix" I'm unable to log into my linode unless I stop rsyslog.

LFD and the firewall still work, but without kernel logging I guess portscanning detection won't happen, and I think there are other problems with kernel logging not working in general, but this is way beyond me.

Switching to kernel 2.6.37-linode30 seems to have fixed the kernel logging issue. Don't know of the ramifications of doing that vs the paravirt kernel I had been using before (and used to upgrade to 10.10).

Ran an online port scan and everything is working fine (messages showed up in /var/log/messages and CSF blocked it), so if you happen to be using Ubuntu 10.04 or higher with the kernel above, you shouldn't need to make any edits re: klogd.

I use CSF/LFD myself and love it. Easy to install and configure as well.
